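<?php
/**
 * Login gate for the reporting portal.
 *
 * When the session does not carry the expected 'auth' marker (or a logout is
 * requested) this script handles the "login", "logout" and "reset" actions and
 * renders the matching dialog; otherwise it includes includes/content.php.
 *
 * Security notes for maintainers:
 *  - Request values are escaped with mysql_real_escape_string() before being
 *    placed in SQL. The mysql_* extension has no prepared statements; moving
 *    to PDO or mysqli with bound parameters is the durable fix.
 *  - Passwords are stored and compared as unsalted MD5, which is not a
 *    password hash. Migrating to password_hash()/password_verify() needs a
 *    schema and data migration, so it is flagged here rather than changed.
 *  - The 'auth' marker is one fixed string shared by all sessions. It only
 *    records that this script set it and carries no per-user secret.
 *  - NOTE(review): login reads tbl_reporting_personnel.rp_password while the
 *    reset flow updates user_accounts.pw. Confirm both refer to the same
 *    accounts; from this file alone a reset may not affect the login check.
 */

// Read the request and session values once, tolerating missing or non-string input.
$requestedAction = (isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : null;
$isAuthenticated = isset($_SESSION['auth'])
  && $_SESSION['auth'] === "POLPwBLgpZDZ7RNvzy6t2wxH3eSfuowVpY5c9HorCetkWieV52";

if (!$isAuthenticated || $requestedAction === "logout") {
  // Explicit defaults: these flags are tested below on paths that never assign
  // them, and an unknown or missing action falls back to the login form.
  $action = "login";
  $error = 0;
  $success = 0;

  switch ($requestedAction) {
    case "login":
      $action = "login";
      include ("includes/dbconn.php");
      $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
      $password = md5((isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '');
      // $username comes straight from the request, so it is escaped before it
      // reaches the query. $password is a hex MD5 digest and cannot carry quotes.
      $sql = "SELECT * from tbl_reporting_personnel WHERE rp_username  ='".mysql_real_escape_string($username)."' and rp_password ='".$password."'";
      $result = mysql_query($sql);
      if (!$result) {
        // Keep driver error text in the server log, not in the response.
        error_log('Login query failed: ' . mysql_error());
        die('Query error');
      }
      if (mysql_num_rows($result) != 1) {
        $error = 1;
      } else {
        $userInfo = mysql_fetch_array($result);
        // Issue a fresh session id on privilege change so a pre-login session
        // id cannot be reused. Skipped when headers have already been sent,
        // because the new cookie could not be delivered.
        if (session_id() !== '' && !headers_sent()) {
          session_regenerate_id(true);
        }
        $_SESSION['uid'] = $userInfo['rp_id'];
        $_SESSION['first_name'] = $userInfo['rp_first_name'];
        $_SESSION['last_name'] = $userInfo['rp_last_name'];
        // The key previously had a trailing space ('rp_email ') and so never
        // matched a column in the fetched row.
        $_SESSION['rp_email'] = $userInfo['rp_email'];
//          $_SESSION['cid'] = $userInfo['cid'];
        $_SESSION['cname'] = $userInfo['c_nickname'];
        $_SESSION['group'] = $userInfo['user_level'];
        $_SESSION['auth'] = "POLPwBLgpZDZ7RNvzy6t2wxH3eSfuowVpY5c9HorCetkWieV52";
      }
      break;
    case "logout":
      $action = "logout";
      unset($_SESSION['auth']);
      session_unset();
      session_destroy();
      break;
    case "reset":
      $action = "reset";
      include ("includes/dbconn.php");
      // NOTE(review): generatePassword() is expected to come from this include;
      // its implementation is not visible here. Confirm it uses a CSPRNG.
      include ("includes/gen_password.php");
      break;
  }
?><div class="ui-overlay"><div class="ui-widget-overlay"></div><div class="ui-widget-shadow ui-corner-all" style="width: 302px; position: absolute; left: 40%; top: 250px;"></div></div>
			<div style="position: absolute; width: 280px; left: 40%; top: 250px; padding: 10px;" class="ui-widget ui-widget-content ui-corner-all">
				<div class="ui-dialog-content ui-widget-content" style="background: none; border: 0;">
          <center>
        <?php switch ($action) {
            case "login":
              // Re-read the session: a successful login above has just set the marker.
              if (isset($_SESSION['auth']) && $_SESSION['auth'] === "POLPwBLgpZDZ7RNvzy6t2wxH3eSfuowVpY5c9HorCetkWieV52") { ?>
                <h2>You are now logged in!</h2>
                <p>This notice will be used as a "message of the day" that can be updated as needed.<br />
                <form method="POST" action="index.php">
                <input type="submit" value="Get Started!" name="login">
                </form>
                </p>
            <?php } else { ?>
                <h2>Login</h2>
      					<p><?php if ($error == 1) { ?>
                        <div class="ui-widget">
                        <div class="ui-state-error ui-corner-all" style="padding: 0 .7em;">
                        <p><span class="ui-icon ui-icon-alert" style="float: left; margin-right: .3em;"></span>Incorrect Username or Password</p>
                        </div>
                        </div>
                   <?php } else {echo "<font color='green' size='1'>You must be logged in to view this page</font>";}?></p>
                <form method="POST" action="index.php?action=login">
                <label>Username</label><input type="text" name="username" size="30">
                <br />
                <label>Password</label><input type="password" name="password" size="30">
                <br />
                <input type="submit" value="Login" name="login">
                </form>
                <p><a href="index.php?action=reset">Forgot Your Password?</a></p>
       <?php } break;
            case "logout": ?>
                <h2>You have been logged out.</h2>
                <p>It is now safe to browse to another site or close this window.<br />
                <form method="POST" action="index.php">
                <input type="submit" value="Login" name="login">
                </form>
                </p>
         <?php break;
            case "reset":
              // Only step=submit triggers a reset; any other step value shows the form again.
              $submitted = isset($_GET['step']) && $_GET['step'] === "submit";
              ?><h2>Password Reset</h2><p><?php
              if ($submitted) {
                // NOTE(review): this flow overwrites the stored password for whoever
                // owns the submitted address, before any proof of mailbox ownership,
                // and mails the new password in clear text. A single-use, expiring
                // reset link would avoid both. The distinct "incorrect address"
                // message below also reveals which addresses have accounts.
                $newPass = generatePassword();
                $newmd5Pass = md5($newPass);
                $email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
                // Escape the request value once and reuse it in both statements.
                $safeEmail = mysql_real_escape_string($email);
                $sql = "SELECT * from user_accounts WHERE email='".$safeEmail."'";
                $result = mysql_query($sql);
                if (!$result) {
                  error_log('Password reset lookup failed: ' . mysql_error());
                  die('Query error');
                }
                if (mysql_num_rows($result) != 1) {
                  $error = 1;
                } else {
                  $up_sql = "UPDATE user_accounts SET pw = '".$newmd5Pass."' WHERE email = '".$safeEmail."' LIMIT 1;";
                  $up_result = mysql_query($up_sql);
                  if (!$up_result) {
                    error_log('Password reset update failed: ' . mysql_error());
                    die('Query error');
                  }
                  $subject = "AECA Reporting Portal";
                  $body = "Your password for the AECA Reporting Portal has been reset to the password shown below:"."\n".$newPass."\n"."\n"."Please contact AECA if you continue to experience problems logging into your account.";
                  // The password has already been changed at this point, so a failed
                  // send leaves the account with a password nobody received.
                  if (mail($email, $subject, $body)) {$success = 1;} else {$form = "nosend"; $success = 0;}
                }
                if ($error == 1) { ?>
                  <div class="ui-widget">
                  <div class="ui-state-error ui-corner-all" style="padding: 0 .7em;">
                  <p><span class="ui-icon ui-icon-alert" style="float: left; margin-right: .3em;"></span>The email address you entered appears to be incorrect.</p>
                  </div>
                  </div>
                <?php }
              }
              if (!$submitted || $error == 1) { ?>
                  <font size='1' color="green">Input the email address associated with your AECA reporting account.</font><br />
                  <form method="POST" action="index.php?action=reset&step=submit">
                  <label>Email Address</label><input type="text" name="email" size="30">
                  <input type="submit" value="Reset Password" name="login">
                  </form>
           <?php } elseif ($success == 1) { ?>
                  <font color='green'><b>An email containing your new password has been sent.</b></font><br>
                  <form method="POST" action="index.php">
                  <input type="submit" value="Return to Login Form">
                  </form>
            <?php } elseif ($success == 0) { ?>
                  <font color='red'><b>There was an error while attempting to reset your password. Please contact AECA.</b></font>
                  <br>
                  <form method="POST" action="index.php">
                  <input type="submit" value="Return to Login Form">
                  </form>
            <?php } ?>
              </p><?php
            break;
          } ?>
          </center>
        </div>
			</div><?php
}
else {
include ("includes/content.php");
}
?>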